From 911c4519ef921a3e50e5a46cbe958ced8a528c3e Mon Sep 17 00:00:00 2001
From: Eric Blankenhorn <eric@wolfssl.com>
Date: Mon, 18 Sep 2023 16:19:22 -0500
Subject: [PATCH] Fix writedup rng leak

---
 src/internal.c | 2 ++
 src/ssl.c      | 7 +++++++
 2 files changed, 9 insertions(+)

diff --git a/src/internal.c b/src/internal.c
index 6efbfb823..8fe69ecf0 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -7934,6 +7934,8 @@ void SSL_ResourceFree(WOLFSSL* ssl)
     if (ssl->options.weOwnRng) {
         wc_FreeRng(ssl->rng);
         XFREE(ssl->rng, ssl->heap, DYNAMIC_TYPE_RNG);
+        ssl->rng = NULL;
+        ssl->options.weOwnRng = 0;
     }
     FreeSuites(ssl);
     FreeHandshakeHashes(ssl);
diff --git a/src/ssl.c b/src/ssl.c
index 80d0b1d7b..499e704b4 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -1563,6 +1563,13 @@ static int DupSSL(WOLFSSL* dup, WOLFSSL* ssl)
     ssl->dupWrite->dupCount = 2;    /* both sides have a count to start */
     dup->dupWrite = ssl->dupWrite; /* each side uses */
 
+    if (dup->options.weOwnRng) {
+        wc_FreeRng(dup->rng);
+        XFREE(dup->rng, dup->heap, DYNAMIC_TYPE_RNG);
+        dup->rng = NULL;
+        dup->options.weOwnRng = 0;
+    }
+
     /* copy write parts over to dup writer */
     XMEMCPY(&dup->specs,   &ssl->specs,   sizeof(CipherSpecs));
     XMEMCPY(&dup->options, &ssl->options, sizeof(Options));